I received several copies this morning (in different email accounts) of an email that claimed to be from the United Parcel Service (UPS). Here’s the text of one of them (The “From” name and “Subject” varies, but contains “UPS Tracking Number”):

Dear customer!

The courier company was not able to deliver your parcel by your address.
Cause: Error in shipping address.

You may pickup the parcel at our post office personaly!

Please attention!
The shipping label is attached to this e-mail.
Please print this label to get this package at our post office.

Please do not reply to this e-mail, it is an unmonitored mailbox.

Thank you.
United Parcel Service of America.

My first hint that something was amiss was because I live in Germany, so “United Parcel Service of America” wouldn’t be delivering to my home…

To make a long story short, don’t open that shipping label. If you do, you will have infected your computer with Trojan.Win32.Bredolab.Gen.1(v) (as identified by Sunbelt Software’s VIPRE).

If you did open it, you can get a fully functional 30 day free trial of Sunbelt Software’s VIPRE Anti-Virus and Anti-Spyware software by clicking here (you can also get a copy if you aren’t infected… You should have both anti-virus and anti-spyware software on your computer, and if you don’t, VIPRE is an effective yet economical solution — and comes with full support from Sunbelt). While I didn’t purposely infect my computer to test this, I’m pretty sure that VIPRE will be able to at least quarantine the infection (just be sure to update the definitions and run a full system scan, and let the scan complete itself. You might be surprised at what it finds — and neutralizes).

You do have to give Sunbelt Software a good email address in order to get your license key, but from past experience with Sunbelt, I can vouch for the fact that they won’t spam you or flood your Inbox with unwanted emails. After all, they are an award winning security company and take pride in their reputation… they aren’t about to ruin it by sending you a bunch of junk emails (but do expect a “reminder” when your 30 day trial is about to expire, along with an offer to purchase a one year license — which is very economically priced. They even offer a license that will cover all the computers in your house, which is the license that I purchased and use. And unlike other companies, there’s no “automatic renewal” or “forced continuity” — you have to specifically go back to them every year and renew your license. That’s a good thing!).

Stay safe out there…

P.S. — Just for fun, let’s look at a few more indicators that this is an email you don’t want to respond to:

• UPS doesn’t notify customers by email (as far as I know).
• UPS is not the Post Office!
• “deliver your parcel by your address” — bad grammar (how about, “deliver your parcel to your address”?).
• “Personaly” is spelled wrong.
• “Please attention!” — This is not a phrase that is used in normal U.S. English; however, it is a phrase that I might expect to hear from somebody whose native tongue is not English (and UPS would most likely use native English speakers for their correspondence within the U.S.).

Hope this helps you better identify spam!

NOTE: This posts contains one or more affiliate links. If you click on the link(s) and purchase something, I will receive a referral commission. It will not have any effect on the purchase price of the product. As a general rule, I do not accept free products for review and my decision to promote these products is based on my own satisfaction with the products after purchasing them and my desire to tell you about high quality products while generating revenue for my business. Any exceptions will be clearly noted. Thanks!

I just came across this article about not leaving mail in your car. Your mail contains all sorts of personal information that is of value to a thief. And if a thief has a copy of your bank statement and your home address, the balance just might convince them that a home invasion could be a profitable undertaking.

Do be careful.

As the PGP article also points out, you need to get a good cross-cut shredder and use it to shred “anything and everything” that you don’t need. You should also use a locking mailbox. While driving to the post office to pick up your mail can be a bit of an inconvenience, you can usually find one close to where you work or shop and the cost is minimal (and if you can find one within walking distance of your home, walking to the Post Office to check your mail would be an easy way to add some exercise to your daily routine). Consider it “cheap insurance”.

Now if you’ll excuse me, I need to go to my car…

I’ve been looking for a good tool that will obfuscate (or hide) my email address on websites. I wanted something that is easy for a legitimate visitor to see, yet would be impossible for those ‘bots that scrape the Internet, looking for email addresses on web pages that they can send their worthless spam to.

I think I’ve found one. I’m selling a printer that I no longer use, and if you look at that page, you can clearly read the email address that I’m using for this sale. Yet if you look at the page’s source code — which is what a ‘bot would look at — you can’t find the email address at all.

Neat, eh?

Here’s the script that does a neat job of hiding your email address. I like this one because it uses a fairly complex substitution pattern for your email address. Since it is JavaScript-based, it can be figured out by a smart programmer, but figuring it out is, in my opinion, probably beyond the capabilities of most spam ‘bots.

So give it a try and see if it works for you.

And “thanks” for the script, Amanda Fazani! And yes, she does use her own email scrambling script on her about me page…

Thanks to the good people at Sunbelt Software (makers of VIPRE Anti-Virus and Anti-Spyware, all of us now have a great resource that can help us identify if a program we stumble across on the Internet is a legitimate security product.

To get started, head over to their Rogue Anti Sypware blog and type the name of the product into the search box. If the product is in their database as a rogue product, it will tell you. Of course, if it’s a rogue product, don’t buy it and don’t click any links on the page (keep reading to find out what you can do — it won’t cost you a cent).

Above all, do not, repeat, do NOT buy a product simply because you get a popup or message on your computer telling you that you are infected. That’s always a bad idea. In many cases, the messages are fake and you’ve just given up your hard-earned money for nothing if you do purchase what they are selling. In other cases, not only do you lose your money for nothing when you buy, the rouge / fake site installs malware on your computer and / or takes your credit card details and sells them on the Internet.

Sunbelt recommends that you check out this partial list of legitimate anti virus software vendors. While it’s not 100% complete, it is a good place to start in your search for a legitimate company.

One final tip: Instead of handing over your hard earned money to a potential scammer to fix a potential security problem, download a copy of VIPRE Anti-Virus and Anti-Spyware. It’s fully functional and completely free for 15 days — and after that, you can purchase an annual license for much less than you’d pay to somebody selling a rogue security application. And my personal experience with them has been great; I’ve always received great support from them (and I first used their products back in 2001).

Read this post on Sunbelt Software’s blog for more information about this topic (it includes a link to a very informative PDF document on the subject).

I couldn’t have said it better myself (although I’ve been saying it for a long time): Use strong passwords:

• At least 12 characters.
• At least one upper case letter.
• At least one lower case letter.
• At least one number.
• At least one special character (those things above the numbers on your keyboard, etc.).
• Never use a word from a dictionary, regardless of the language.

Turns out that Adobe has admitted that their passwords can be guessed faster in Acrobat 9 than in Acrobat 8. In a way, that’s a good thing for two reasons. First, their customers get better performance. Second, HOPEFULLY it will “encourage” people to use strong passwords. Just use the guidelines I outlined above and you should be fine (and with Acrobat 9, you can have up to 127 characters in your password — that’s almost more than Twitter will let you have!).

While most security pros don’t recommend that you write down passwords, I do recommend that you write them down — but with a STRONG caveat: Write them down on a small piece of paper (like a blank business card). Do NOT write down the account that the password belongs to with the password, though! Then take that piece of paper and put it in your wallet with your money and credit cards — and protect it just like you would protect your money and credit cards. This way you’re more likely to use a hard to guess (and hard to crack) password.

One word of caution: If your workplace policies don’t allow you to write down passwords, then follow those policies. While I encourage you to discuss this issue with those who are responsible for security at your company (and feel free to share this blog post with them), following their policies is more important than listening to me. The owner or CEO has ultimate responsibility for the security of their computers and networks, so always do what they tell you to do.

But on your computers, you have the choice, and I encourage you to consider using my system.

Even better: Get RoboForm and you only have to write down one password — the master password that protects your password “vault” (if you have multiple computers, get the “ToGo” version and put it on a small thumb drive). Just don’t forget to make that password hard to guess — and don’t forget to change it every couple of months.

I’ve been using my current laptop for about three years now. I gave my old laptop to my wife when I got my current one. She doesn’t do much except for shopping and writing emails to a few friends.

I had installed some applications on that laptop before I passed it off to her and she recently asked me to remove them so that it would start up faster and free up some disk space. I did that, and then I defragmented the hard drive. It was working much better.

Just for the fun of it, I then decided to run Trend Micro’s Hijack This on that computer, along with Sunbelt Software’s VIPRE Anti-virus / Anti-Spyware. It didn’t find a single thing on it that was bad (outside of a few cookies, which aren’t really that big a deal from my perspective. I just delete them and move on).

The key here, I think, is that my wife doesn’t go off surfing to the four corners of the Internet. She goes to sites that she knows and trusts. She only opens emails from people she knows and trusts. She also trusts her “sixth sense”, and when something seems to be a bit questionable, she either ignores it or asks me. And that’s why I think her computer was so clean, even though I hadn’t checked it for quite some time.

Oh, and I don’t run anti-virus software on her computer, either — and you don’t have to, either, presuming you follow her best practices and have a certified computer security pro in the house to turn to when you have problems…

So stay away from those sites where you don’t really need to go. It will help ensure that your computer stays malware free.

Oh, and this is one of those sites you should visit…

Got Conficker? I certainly hope not!

Conficker is a form of malware that allows some unknown entity to take over your computer and do things that you’d rather not have done. It was first released last November (after the details of a Microsoft Windows vulnerability were made available). Since this threat is easily removed by applying the patch from Microsoft (NOTE: This link only works with Internet Explorer), there’s really no excuse for having an infected computer.

If the patch is readily available, then why is Conficker such a big problem?

• Because people don’t bother to patch their computer.
• Because they use illegal copies of Microsoft software and cannot patch it (there’s are many good reasons why you should pay for your software; this is just one of them).
• Because people use old operating system software that is no longer supported. The Conficker patch requires that you use Vista, XP with at least Service Pack 2, or Windows 2000 with Service Pack 4.

Let me talk a bit about outdated operating system software. Does Conficker affect computers that are still running Windows 98 and Windows ME? I don’t know, and to be honest, I doubt if Microsoft knows because they no longer support those operating systems. This means that any security vulnerabilities found in those products will not get patched (and it isn’t Microsoft that is finding any of these vulnerabilities; it is hackers and criminals). If you are still using those operating systems, you have chosen to accept this risk.

But back to Conficker — and the easy test to see if your computer is infected:

• Click here and follow the simple instructions to test your computer for Conficker.
• If certain images are not displaying (but others are), then head over to this Wikipedia article on Conficker to learn how to get rid of it. The best way is to use Microsoft’s Malicious Software Removal Tool, then install their patch. You get it all if you follow the first link in this blog post (but you’ll need to click on it in Internet Explorer for it to work).

Here’s hoping that you are Conficker-free, but if you are not, I hope that this helps you take care of the infection. And once you’ve taken care of the infection, get yourself a good, reliable anti-virus and anti-spyware solution to better protect your computer.

I am in Orlando this weekend, speaking at the Earn 1k A Day Summit on computer security. one of the other members attending the event asked me about antivirus and firewall software.

I tested Sunbelt Software’s VIPRE AntiVirus a couple of months ago (I don’t regularly use antivirus software; I rely on other “experts only” methods to protect my computers. However, I strongly recommend that you use it). I like the software and recommend that you take a look at it. You can download it and use it for 15 days before you have to pay for a license, which is more than enough time to thoroughly test the software. You can also download the trial and use it to recover from a virus issue.

Here’s why I like VIPRE:

1. The software was written from scratch, so to speak. Instead of trying to take an old software platform and updating it. Viruses have changed, and many of the old traditional platforms have struggled to keep up — and even if they have, the code base — and performance — gets bloated.

2. The new code base was written to better detect emerging threats and trends in virus coding.

3. The software includes anti-spyware software, based on Sunbelt Software’s CounterSpy product. This eliminates the need for a second piece of installed (and active) software to monitor for spyware.

4. Sunbelt Software is widely regarded as being one of the leading computer security companies. Their blog is one of my
“must read” daily sites as a computer security professional.

5. Sunbelt has excellent customer support. I first dealt with them several years ago and was immediately impressed with their support. I’m still working with their products… and am still impressed…

6. Sunbelt Software is a stable company, and their business model (annual subscriptions) helps ensure that the product will continue to be supported and improved in the future (and their annual license fee is very affordable).

Again, as business people, I recommend that you stay away from free when it comes to anti-virus software. You need support and help, and with a variety of reasonably priced licensing options available, you should be able to fit this into your budget.

So go ahead and download a 15 day trial. Install it. Scan your computer and see what it finds. VIPRE will most likely find and eliminate things you’d rather not have on your computer.

One suggestion: Don’t run more than one anti-virus program at a time. You’ll need to disable any anti-virus software you currently have running before installing VIPRE.

Again, download your 15 day fully functioning trial of VIPRE anti-virus and anti-spyware software at the following link:

Click Here To Download Sunbelt Software’s VIPRE AntiVirus and AntiSpyware Software

–Tom

A fireproof box can be a great place to store a small quantity of important papers. Anything put in this box has a better chance of surviving a fire. I like to keep my passports, birth certificates, wills, and social security cards in there, among other things. They are the things you don’t need all that often, but when you do need them, they can be almost impossible to replace.

There’s just one problem with my fireproof box; I don’t know what happened to the key. My five year old son liked to play with it, opening and closing it, and one day the key just disappeared. Now I’m sure that the key will turn up the next time I clean up my office — and thankfully there weren’t any important papers in it when he lost the key (I took them out before he decided to “decorate” my passport!) — but that does raise an important issue.

We buy those fireproof boxes so that our important papers will survive a fire. But what about the key? What good would it do if the box survived intact but you couldn’t put your hands on the key to unlock it?

I recommend that you keep one key with you (perhaps on your car key ring, since you’d probably grab that on the way out the door if there was a fire) and give the second key to somebody you trust (we call this “off site storage” in the security business). That way, should there be a fire (Heaven forbid!), there’s a good chance that you’ll be able to quickly open the box once it’s recovered.

I’ll be covering more fire tips in the days and weeks to come, so keep checking back.

Thanks,
Tom

The first message just popped into my Inbox: “Hurricane Relief”.

Here we go again.

If you want to contribute to hurricane relief, please do so via some established charity that you KNOW, with 100% certainty, will use your donation for its intended purpose. I’m not going to list any here, nor will I recommend any.

Why? Because even some established charities made appeals for donations after Hurricane Katrina three years ago, yet some donations that people thought were going to go to provide relief for hurricane victims were used for other purposes.

But whatever you do, PLEASE DO NOT RESPOND TO AN EMAIL REQUEST FOR CHARITY, DON’T MAKE DONATIONS BASED ON A WEB PAGE YOU SEE, AND DON’T ASSUME THAT SO-CALLED “HURRICANE SALES” WILL USE THE PROCEEDS FROM THE SALE TO HELP HURRICANE VICTIMS.

Serious. If you really want to give (which is a good thing to do), find a legitimate charity and give through them.

If there’s one thing we learned from Hurricane Katrina, it’s that some people will simply take advantage of a tragedy to make a few quick bucks. Don’t let it happen again.

And above all, NEVER CLICK ON A LINK in any “Hurricane Whatever” emails. They very well could lead you to a site that installs malicious code on your server.

Thanks,
Tom